Two years after Anon “Kochblock,” Wisconsin man charged with DDoS

The US government is serious about arresting Anons who attack websites.

Two years ago, a few of the minds within the hacker collective Anonymous had a bright idea—to "Kochblock" the conservative billionaires Charles and David Koch, who own a list of companies longer than a roll of Angel Soft toilet paper (a brand which they also own). Anonymous decided that the attack would take some of the Koch brothers' sites offline, so it asked the hivemind to flood Koch sites with traffic.

The hivemind did so—but failed to down Angel Soft. The main Koch Industries site in Wichita, Kansas did buckle, however. "Keep it up, boys and kids! LAZERS TO 146.209.131.43 kochind.com is down and sinking further! Keep it up!" read one IRC post in the #OpWisconsin channel Anons used to coordinate the attack—a channel the FBI appears to have been watching. The attacks on Koch were in large part due to the brothers' support for embattled Wisconsin governor Scott Walker at the time.

Fast forward to yesterday, when the US Attorney for Kansas, Barry Grissom, announced that his office has brought federal charges against Eric Rosol, a 37-year-old Wisconsin man from the town of Black Creek. From the indictment, Rosol doesn't appear to be some kind of mastermind, but rather just a guy who allegedly decided to install and fire the "Low Orbit Ion Cannon" denial of service weapon. (Read our primer on how these attack tools work.) Says the government:

On or about February 28, 2011, Anonymous requested that persons engaged in the DDOS attack against Koch Industries redirect their efforts to “Kochind.com,” and on said date Defendant Rosol, and others, “fired” a LOIC tool at “Kochind.com.” As a result of the acts of Defendant Rosol and others, on February 28, 2011, “Kochind.com” website crashed and was unavailable for legitimate traffic.

The government wants Rosol to forfeit what is described as an "Antec CPU (Custom), no visible serial number," an apparent reference to Rosol's home-built computer. (Antec makes computer cases and power supplies.) He also faces up to 10 years in prison—five on each of the two counts—though any sentence is likely to be a small fraction of that number.

The case, which was investigated by the FBI, shows the continued government interest in even less-spectacular Anonymous activities. DDoS a website for a couple days and you might have the feds on your doorstep... even years after the attack.
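The indictment quoted above attributes the outage to "the acts of Defendant Rosol and others." As an added example that is not from the article, from LOIC, or from the investigation, here is what that looks like from the target's side: aggregate the web server's access log by source address over short windows and flag any source sending far more requests than a visitor would. The log lines are constructed for this example, the addresses come from documentation ranges, and the threshold of 20 requests per 10-second window is an assumed tuning value, not a figure from the case.

```python
"""Find the sources of a volunteer HTTP flood in web-server access logs.

Added example for this article; it is not code from the article, from LOIC,
or from the investigation. The log lines are constructed, the IPs are from
documentation ranges, and the per-source threshold is an assumed tuning value.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format prefix as written by Apache and nginx.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def busiest_window(lines, window_s=10):
    """Bucket requests into fixed windows of window_s seconds and return
    (window_start_epoch, Counter of requests per source IP) for the busiest one."""
    buckets = defaultdict(Counter)
    for rec in map(parse_line, lines):
        if rec is None:
            continue  # skip malformed lines instead of crashing the report
        bucket = int(rec["ts"].timestamp()) // window_s
        buckets[bucket][rec["ip"]] += 1
    if not buckets:
        return None, Counter()
    bucket, per_ip = max(buckets.items(), key=lambda kv: sum(kv[1].values()))
    return bucket * window_s, per_ip


def flood_report(lines, window_s=10, threshold=20):
    """Flag sources that sent at least `threshold` requests in the busiest window
    and report each flagged source's share of that window's total traffic."""
    start, per_ip = busiest_window(lines, window_s)
    total = sum(per_ip.values())
    flagged = {ip: n for ip, n in per_ip.items() if n >= threshold}
    shares = {ip: n / total for ip, n in flagged.items()} if total else {}
    return {"window_start": start, "total": total, "flagged": flagged, "shares": shares}


def make_logs():
    """Constructed sample: five participants each hammering "/" for about 9 s,
    two ordinary visitors in the same window, and one corrupt line."""
    base = datetime(2011, 2, 28, 20, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(1, 6):
        ip = f"198.51.100.{i}"
        for k in range(30):
            t = base + timedelta(milliseconds=300 * k)
            lines.append(f'{ip} - - [{t.strftime(TS_FMT)}] "GET / HTTP/1.1" 503 0')
    for ip, n in (("203.0.113.7", 2), ("203.0.113.9", 1)):
        for k in range(n):
            t = base + timedelta(seconds=2 + k)
            lines.append(f'{ip} - - [{t.strftime(TS_FMT)}] "GET /about.html HTTP/1.1" 200 4820')
    lines.append("garbage that is not a log line")
    return lines


if __name__ == "__main__":
    report = flood_report(make_logs())
    print(f"busiest 10 s window starts at epoch {report['window_start']}, "
          f"{report['total']} requests")
    for ip, n in sorted(report["flagged"].items()):
        print(f"  {ip}: {n} requests, {report['shares'][ip]:.1%} of the window")
```

In the constructed sample each flagged source accounts for under a fifth of the busiest window's traffic, which is the "no single participant could have done it" point the comment thread argues over; the log nonetheless names every one of them, and a threshold this low would also flag an aggressive crawler, so a real report would join the per-source counts against known-good sources before anyone acts on it.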

By analogy this is like saying "Mr x showed up for a political protest rally. As a result of 10,000 people being present, including Mr x, this investment bank couldn't do business, so Mr x has to go to jail for 2 years (edit: up to 10 years)." This is wrong (is it?) because Mr x didn't make any /significant/ contribution to the outcome.

This man from Black Creek, Wisconsin could not have brought down the Koch Brothers' web site with his puny little Internet connection. LOIC running on 1 PC is simply not up to the job.

I am kind of amused that they want him to forfeit the computer he used. Were I ordered to give up a computer I owned two years ago I'd likely wind up charged with obstruction of some kind or destruction of evidence. Even assuming I still used the case everything inside would be different and the drive would probably have been formatted a few times.

Partaking in a DDOS attack against a Web site for a toilet roll manufacturer. Partaking, mind you, not organising or even inciting. I say this as someone who is generally supportive of law enforcement taking action against things for which prioritisation is not obvious, but really, is this genuinely something that the FBI should have spent quite so much time investigating? How could that incident possibly be construed as worthy of so much time and effort?

People say this all the time, but DDoS is not the equivalent of a live protest. First off, a protest requires a lot more effort, and the participants generally care more about the cause. Second, a DDoS is more forceful; it's more like cutting off utility service to someone's shop, or entering and then locking the door behind you, than simply standing outside with a sign in a legal manner.

The most obvious way a DDOS is completely dissimilar to an in-person protest is that there are tens of thousands of packets and connection attempts, versus only one person in a real protest.

I agree that the peanut in the story shouldn't shoulder the burden like this, unless they're found responsible for organising the attack, but part of the point of protests is that people get punished unjustly so that everyone can see how ridiculous the system is, and the pressure to change the system increases. It's not to get away scot free - that will change nothing.

...is this genuinely something that the FBI should have spent quite so much time investigating? How could that incident possibly be construed as worthy of so much time and effort?

Were I to venture a guess, they were unable to prosecute anyone important in this action, so this poor schmoe is the justification for the budget expenditure. As Harvey Keitel said, "Someone has to go to prison."

So when are they going to get the "masterminds" behind the attack? Prosecuting drones is an enormous waste of money.

They're sending a few Predators after them.

See, it's funny, because Predators are a type of drone. So it references the previous statement. It's like sending drones after masterminds. And since the mastermind, ah screw it. Insert some joke some place.

Amazing logic though. [...] This man from Black Creek, Wisconsin could not have brought down the Koch Brothers' web site with his puny little Internet connection. LOIC running on 1 PC is simply not up to the job.

He intended to take down the site, and he attempted to take down the site.

By your logic if 10 thousand people like him DOSed the site down for a year, none of them would be guilty of anything?

Being inept at crime doesn't mean that you aren't actually a criminal, it just means that they get to laugh at you at the trial.

If you try to rob a bank using lemon juice to prevent the cameras from picking up on you, using a banana in your pocket as a fake gun, you can still be convicted of the robbery, even though you were, clearly, too stupid to do so successfully.

Running a DDoS against the Koch Industries website is really, really ineffective because a) nobody really gives a crap if their website is unavailable, and b) it doesn't stop the Koch bros from continuing their plunder of the Earth and their manipulation of the US government and media.

I'm inclined to disagree with you there (on the point that the difference between a sit in and a DDOS is one person vs tens of thousands of packets) because, as Spamhaus shows, to have the on-line equivalent of a sit-in, you need to use more than 350Gb/s sustained bandwidth.

Partaking in a DDOS attack against a Web site for a toilet roll manufacturer.... but really, is this genuinely something that the FBI should have spent quite so much time investigating? How could that incident possibly be construed as worthy of so much time and effort?

I don't fault the investigation, but I wonder about the prosecution. Anon does all kinds of things, some of them quite evil, so the FBI no doubt likes to go after them whenever they can. They would have liked to catch the ringleaders of the toilet-paper attack; instead they caught this dude. If he is guilty, he deserves a slap on the wrist. The thing I object to is that the prosecution is even threatening a jail sentence -- like they did with Aaron Swartz.

He also faces up to 10 years in prison—five on each of the two counts—though any sentence is likely to be a small fraction of that number.

Well, at least we know that someone at Ars "gets it". Too bad the same can't be said for some of its readers.

Is this "10 years" talk the product of journalists who googled some legislation badly, or is it something that prosecutors are threatening him with in the hope scaring the dude into plea bargain? Either is plausible, and both make me kinda angry.

It's not terribly complicated. Most crimes have a maximum punishment defined in the legislation, but sentencing is always at the discretion of the sentencing judge. (In recent years, some crimes have minimums as well to reduce that discretion, but not in this case I believe.) So the actual punishment is more or less completely up to the judge to determine based on the circumstances of the case, subject to the defined maximum.

When there are multiple crimes, the question arises as to whether the sentences for those crimes will be served consecutively or concurrently. Again, this is almost always up to the sentencing judge, and though technically sentences *can* be served consecutively, sentences are almost always served concurrently.

So, the maximum sentence is probably what has been reported, assuming the judge assigns the maximum allowed by the criminal statute *and* that they be served consecutively. However, the probability of this actually happening is extremely low, so it is not actually a very informative figure. (Obligatory car analogy: you could say that a vehicle can obtain a number of miles per gallon "up to" what it can achieve coasting down a steep slope with a strong wind at its back - technically true but uninformative.) If this guy has no significant criminal history and expresses a little regret, I'd guess he is unlikely to see any jail time at all, most likely a fine and probation.

EDIT: To clarify, the maximum figures are defined by the criminal statutes, not the prosecutors. In fact, prosecutors very often request a figure much lower than the maximum, especially if the defendant has been cooperative. (That's what you are bargaining for in a "plea bargain.") Though ultimately it is up to the judge.

The government wants Rosol to forfeit what is described as an "Antec CPU (Custom), no visible serial number," an apparent reference to Rosol's home-built computer.

If he filed the serial numbers off his computer, he must be a no-gooder.

Wouldn't a good question be how the government would know that the computer had no visible serial number?

Most likely it was seized as evidence.

If that were the case, would not the government have the CPU and hard drive serial numbers, not to mention the MAC address, to more closely identify the computer?

I'm sure they do have all that information. There is no real question of which computer they are talking about, so far as I can tell, so I don't quite understand what you are getting at. The description is probably just what was pulled off of the inventory sheet or exhibit list.

Umm... there seems to be some pervasive misunderstanding going on around here.

No-one has stated the accused filed off serials, other than commenters. In a world where it's possible to buy a ready built sealed device such as a branded laptop, I can understand the misunderstanding.

1. Antec (in this instance) is most likely the type of CASE (enclosure) the motherboard sits in.
2. Plenty of custom cases don't have serial numbers beyond a manufacturer's quality control sticker and perhaps a date of manufacture stamp on some of the parts.
  2a. Stickers often dry up and fall off or are just removed because they spoil the look of the custom case.
  2b. Where date stamps appear on parts, these are often on molded plastic parts and have little relevance to the case as a whole since they may be common to many cases in a production run, i.e. not unique, and different to the date of the case manufacture.
3. Custom cases may be built from individual components, e.g. side panel and front panel options which are sold separately.
4. In custom built PCs the computer is NOT the case; it is merely the enclosure in which it sits.

For emphasis - The CPU, Motherboard & Hard Drive are the computer. These all have unique identifiers, which I concede can perhaps be altered with some difficulty.

From the article: "The government wants Rosol to forfeit what is described as an "Antec CPU (Custom), no visible serial number,""

From the Fourth Amendment of the US Constitution: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

A generic description does not describe the computer with particularity.

Adding other articles previously on Ars, Sabu rolled over on Anonymous and was working with the F.B.I. It would be unreasonable to assume that no other members of Anonymous are/have been working with the F.B.I., DHS and the SS. Those members would not have been in a position to see the serial, or obtain other identifying information, such as CPU & HD serial, and the MAC address. However, in a forensic examination that information would have been recorded as a matter of policy and practice.

It could be a shortcoming of the article's authors, or the information available, but information is lacking that is required to describe a computer lacking a serial number with particularity. If you have ever built a computer, you would also know that most purchased cases lack a serial number, but also that motherboards have serial numbers. This missing information is suspect. It is my belief that if the Feds had the information in their possession, they would have provided information that particularly identified the computer.

No attack against you, more of an addressing of the article's shortcomings and using jdale's post as a segue into that.